[ovs-discuss] OVSDB with SSL connection
Ben Pfaff
blp at ovn.org
Fri Jan 6 05:01:03 UTC 2017
On Thu, Jan 05, 2017 at 05:50:45PM -0800, Paul White wrote:
> I am configuring ovsdb-server to connect to a remote manager using SSL. I
> have the certificates configured, and the connection works as long as I do
> not configure a ca-cert. Configuring a ca-cert causes server-side
> certificate verification to fail in OpenSSL.
>
> I believe this is because I am only allowed to insert an IP address for
> remote manager target and the remote server is using a certificate
> generated with it's DNS name, not IP address.
>
> Is there a way (or any plans to support) providing a hostname target inside
> the manager table? This would allow the OpenSSL library to properly verify
> server-side certificate. Using per-IP certificates is not an option for us
> to due to load balancing and scale.
We'd accept a working patch.
More information about the discuss
mailing list